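/**
 * Builds the WebFlux security filter chain for this service.
 *
 * <p>The four listed {@code /auth/*} paths are open to anonymous callers; every other exchange
 * must carry a JWT that the OAuth2 resource server accepts. Authorities are derived from the
 * token by {@link #jwtAuthenticationConverter()}.
 *
 * @param http the reactive security builder supplied by Spring
 * @return the configured filter chain
 */
@Bean
public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http) {
    log.info("Inside Security Config");
    http
        // Same lambda DSL as the rest of the chain instead of the chained csrf().disable() form.
        // CSRF protection is off: that is only safe while every protected call authenticates
        // with a bearer token in a header; revisit if cookie or session auth is ever added.
        .csrf(csrf -> csrf.disable())
        .authorizeExchange(exchange -> exchange
            // These matchers carry no HTTP method, so every method on these paths is anonymous.
            // NOTE(review): "/auth/test" looks like a debugging endpoint; confirm it should
            // stay reachable without a token before this configuration ships.
            .pathMatchers("/auth/signup", "/auth/login", "/auth/verify", "/auth/test").permitAll()
            .anyExchange().authenticated()
        )
        .oauth2ResourceServer(oauth2 -> oauth2
            .jwt(jwt -> jwt.jwtAuthenticationConverter(jwtAuthenticationConverter()))
        );
    log.info("Post Security Config");
    return http.build();
}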
/**
 * Creates the reactive JWT decoder that checks token signatures against the Cognito user pool's
 * published JWK set.
 *
 * <p>NOTE(review): only the JWK set URI is configured here. No issuer or audience validator is
 * set in this method, so confirm whether the token's issuer and the intended app client are
 * checked somewhere else; otherwise any correctly signed token from this pool is accepted.
 *
 * @return a decoder bound to the user pool's JWKS endpoint
 */
@Bean
public ReactiveJwtDecoder reactiveJwtDecoder() {
    // NOTE(review): "${id}" sits inside a plain Java string literal, so nothing substitutes it
    // here; presumably it stands for the user pool id. Verify the real value reaches this URI.
    return NimbusReactiveJwtDecoder
            .withJwkSetUri("https://cognito-idp.us-east-1.amazonaws.com/${id}/.well-known/jwks.json")
            .build();
}
/**
 * Creates the converter that turns a decoded JWT into an authentication token for WebFlux.
 *
 * <p>Granted authorities are read from the {@code cognito:groups} claim and each value is
 * prefixed with {@code ROLE_}, so group membership in the token is what drives role checks.
 *
 * @return the servlet-style converter wrapped in its reactive adapter
 */
@Bean
public Converter jwtAuthenticationConverter() {
    JwtGrantedAuthoritiesConverter groupsToAuthorities = new JwtGrantedAuthoritiesConverter();
    // Take authorities from the Cognito groups claim rather than the converter's default claim.
    groupsToAuthorities.setAuthoritiesClaimName("cognito:groups");
    // Optional prefix, applied to every group name.
    groupsToAuthorities.setAuthorityPrefix("ROLE_");

    JwtAuthenticationConverter delegate = new JwtAuthenticationConverter();
    delegate.setJwtGrantedAuthoritiesConverter(groupsToAuthorities);
    return new ReactiveJwtAuthenticationConverterAdapter(delegate);
}
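/**
 * Signs a user in against the Cognito user pool with the ADMIN_USER_PASSWORD_AUTH flow and
 * returns a text status, including the ID token on success.
 *
 * <p>NOTE(review): in WebFlux {@code @RequestParam} binds query parameters only, so credentials
 * posted as form data or JSON never reach these arguments; that is presumably what produces the
 * 400 on {@code /auth/login}. Credentials sent in the query string also end up in access and
 * proxy logs, so a request body object is the safer contract.
 *
 * <p>NOTE(review): {@code adminInitiateAuth} appears to be a blocking client call; on a reactive
 * application it should not run on the event-loop thread. Confirm which client type is injected.
 *
 * @param username the user name to authenticate
 * @param password the user's password; never logged here
 * @return a status message: the ID token on success, the pending challenge name when Cognito
 *     asks for a further step, or an error description
 */
@PostMapping("/login")
public String login(@RequestParam String username, @RequestParam String password) {
    try {
        String secretHash = calculateSecretHash(clientId, clientSecret, username);
        AdminInitiateAuthRequest authRequest = AdminInitiateAuthRequest.builder()
                .userPoolId(userPoolId)
                .clientId(clientId)
                .authFlow(AuthFlowType.ADMIN_USER_PASSWORD_AUTH)
                .authParameters(Map.of(
                        "USERNAME", username,
                        "PASSWORD", password,
                        "SECRET_HASH", secretHash
                ))
                .build();
        AdminInitiateAuthResponse authResponse = cognitoClient.adminInitiateAuth(authRequest);
        if (authResponse.authenticationResult() == null) {
            // Cognito returned a challenge (for example a forced password change or MFA)
            // instead of tokens; report it rather than failing with a NullPointerException.
            return "Login requires an additional challenge: " + authResponse.challengeNameAsString();
        }
        return "Login successful. Token: " + authResponse.authenticationResult().idToken();
    } catch (CognitoIdentityProviderException e) {
        // One log entry through the logger, at a level that alerting can key on; the
        // System.out duplicate is gone.
        log.warn("Error during login: ", e);
        // NOTE(review): the provider message is echoed to the caller. Check that the app
        // client has PreventUserExistenceErrors enabled so it cannot be used to tell
        // existing accounts from unknown ones.
        return "Error during login: " + e.awsErrorDetails().errorMessage();
    } catch (Exception e) {
        log.error("Unexpected error during login: ", e);
        // Internal exception text stays in the log and is not returned to the client.
        return "Unexpected error during login";
    }
}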
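/**
 * Computes the SECRET_HASH value sent with the auth request: the Base64 encoding of an
 * HMAC-SHA256 keyed with the client secret over the user name followed by the client id.
 *
 * <p>All strings are encoded as UTF-8 explicitly, so the result does not depend on the JVM's
 * default charset when a user name or secret contains non-ASCII characters.
 *
 * @param clientId the app client id, appended to the user name as the MAC input
 * @param clientSecret the app client secret, used as the HMAC key
 * @param username the user name being authenticated
 * @return the Base64-encoded HMAC
 * @throws RuntimeException if the MAC cannot be created or initialised, or an argument is null
 */
private String calculateSecretHash(String clientId, String clientSecret, String username) {
    // Fully qualified so the block needs no additional import.
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    try {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(clientSecret.getBytes(utf8), "HmacSHA256"));
        mac.update(username.getBytes(utf8));
        mac.update(clientId.getBytes(utf8));
        return Base64.getEncoder().encodeToString(mac.doFinal());
    } catch (Exception e) {
        throw new RuntimeException("Error while calculating secret hash", e);
    }
}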
# Application settings for the auth service (the nesting indentation is not preserved in this listing).
spring:
application:
name: AUTH-SERVICE
main:
# Run on the reactive (WebFlux) stack; the security configuration has to be the WebFlux variant.
web-application-type: reactive
# NOTE(review): with overriding allowed, a duplicate bean definition (for example a second
# security filter chain or JWT decoder) replaces the first without a startup error; confirm
# this is still needed.
allow-bean-definition-overriding: true
Сообщение об ошибке, которое я получаю:
{
"timestamp": "2025-04-18T17:52:03.986+00:00",
"path": "/auth/login",
"status": 400,
"requestId": "77Ba9097-1"
}
Пожалуйста, помогите мне решить эту проблему.
Я попробовал использовать @EnableWebSecurity, и всё работает отлично. Я хотел перейти на @EnableWebFluxSecurity, но теперь получаю ошибку.
Подробнее здесь: https://stackoverflow.com/questions/795 ... lewebfluxs